InfoWorld: Microsoft disputes expert’s characterization of Windows ‘back door’

“A private security expert said he has found a ‘back door’ in
Microsoft’s Windows operating systems that could give a United
States spy agency access to the systems.

Microsoft hotly denied that the encryption key — publicized by
Andrew Fernandes, chief scientist at Cryptonym, who charged that
the back door exists in Windows 9x, Windows NT, and Windows 2000 —
gave the National Security Agency access to computers.

Fernandes said he discovered the weakness that exploits
Microsoft’s encryption architecture while investigating Windows NT
4.0 for security breaches.

Fernandes said that in Service Pack 5 for NT 4.0,
Microsoft apparently forgot to remove symbolic information that
details the meaning of a cryptographic key. The findings proved
that two keys to the systems exist, he said — one at
Microsoft, and one in the possession of the National Security
Agency (NSA).

Until the finding, the existence of the second key — and the
identity of its holder — was not known because Microsoft had
removed any identifying symbols. In Service Pack 5, the identifier
‘nsa’ is exposed.”

[No one seems to be raising an issue about the second,
Microsoft key, which apparently offers the same unauthorized access
to your system as the NSA key? – LT ed.]

Complete Story